Title of test:
Comptia S+ SY0-701 September 2024 v2

Description:
Security +

Author:
Rabelani

Creation Date: 18/09/2024

Category: Computers

Number of questions: 94
Content:
Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented? Mitigate Accept Transfer Avoid.
Which of the following is used to add extra complexity before using a one-way data transformation algorithm? Key stretching Data masking Steganography Salting.
A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source? Application IPS/IDS Network Endpoint.
A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment? hping Wireshark PowerShell netstat.
A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step? Capacity planning Redundancy Geographic dispersion Tabletop exercise.
Which of the following describes the process of concealing code or text inside a graphical image? Symmetric encryption Hashing Data masking Steganography.
A systems administrator is redesigning how devices will perform network authentication. The following requirements need to be met: • An existing internal certificate must be used. • Wired and wireless networks must be supported. • Any unapproved device should be isolated in a quarantine subnet. • Approved devices should be updated before accessing resources. Which of the following would best meet the requirements? 802.1X EAP RADIUS WPA2.
A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing? Active Passive Defensive Offensive.
A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement? Microservices Containerization Virtualization Infrastructure as code.
A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security administrator use? Partition Asymmetric Full disk Database.
Which of the following is the best reason to complete an audit in a banking environment? Regulatory requirement Organizational change Self-assessment requirement Service-level requirement.
A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering. Which of the following teams will conduct this assessment activity? White Purple Blue Red.
Which of the following scenarios describes a possible business email compromise attack? An employee receives a gift card request in an email that has an executive's name in the display field of the email. Employees who open an email attachment receive messages demanding payment in order to access files. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account. An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.
A security administrator is configuring fileshares. The administrator removed the default permissions and added permissions for only users who will need to access the fileshares as part of their job duties. Which of the following best describes why the administrator performed these actions? Encryption standard compliance Data replication requirements Least privilege Access control monitoring.
In which of the following scenarios is tokenization the best privacy technique to use? Providing pseudo-anonymization for social media user accounts Serving as a second factor for authentication requests Enabling established customers to safely store credit card information Masking personal information inside databases by segmenting data.
Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan? Continuity of operations Capacity planning Tabletop exercise Parallel processing.
An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database. Which of the following is this scenario an example of? Pretexting Impersonation Ransomware Invoice scam.
Which of the following control types is AUP an example of? Physical Managerial Technical Operational.
A security analyst reviews domain activity logs and notices the following: Which of the following is the best explanation for what the security analyst has discovered? The user jsmith's account has been locked out. A keylogger is installed on jsmith's workstation. An attacker is attempting to brute force jsmith's account. Ransomware has been deployed in the domain.
A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider? Clustering servers Geographic dispersion Load balancers Off-site backups.
A network administrator deployed a DNS logging tool that logs suspicious websites that are visited and then sends a daily report based on various weighted metrics. Which of the following best describes the type of control the administrator put in place? Preventive Deterrent Corrective Detective.
A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent? Accept Transfer Mitigate Avoid.
A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites? encryption=off\ https:// www.*.com :443.
Which of the following is an algorithm performed to verify that data has not been modified? Hash Code check Encryption Checksum.
Which of the following is a common source of unintentional corporate credential leakage in cloud environments? Code repositories Dark web Threat feeds State actors Vulnerability databases.
Which of the following penetration testing teams is focused only on trying to compromise an organization using an attacker's tactics? White Red Purple Blue.
A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 802.1X for access control. To be allowed on the network, a device must have a known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report: Which of the following is the most likely way a rogue device was allowed to connect? A user performed a MAC cloning attack with a personal device. A DHCP failure caused an incorrect IP address to be distributed. An administrator bypassed the security controls for testing. DNS hijacking let an attacker intercept the captive portal traffic.
A company would like to provide employees with computers that do not have access to the internet in order to prevent information from being leaked to an online forum. Which of the following would be best for the systems administrator to implement? Air gap Jump server Logical segmentation Virtualization.
Which of the following security control types does an acceptable use policy best represent? Detective Compensating Corrective Preventive.
An organization recently updated its security policy to include the following statement: Regular expressions are included in source code to remove special characters such as $, |, ;, &, `, and ? from variables set by forms in a web application. Which of the following best explains the security technique the organization adopted by making this addition to the policy? Identify embedded keys Code debugging Input validation Static code analysis.
Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule. Which of the following best describes this form of security control? Physical Managerial Technical Operational.
A systems administrator would like to deploy a change to a production system. Which of the following must the administrator submit to demonstrate that the system can be restored to a working state in the event of a performance issue? Backout plan Impact analysis Test procedure Approval procedure.
A systems administrator is working on a defense-in-depth strategy and needs to restrict activity from employees after hours. Which of the following should the systems administrator implement? Role-based restrictions Attribute-based restrictions Mandatory restrictions Time-of-day restrictions.
A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first? Local data protection regulations Risks from hackers residing in other countries Impacts to existing contractual obligations Time zone differences in log correlation.
Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card? Encryption Hashing Masking Tokenization.
department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity? Espionage Data exfiltration Nation-state attack Shadow IT.
Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk? ARO RTO RPO ALE SLE.
A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first? Security of cloud providers Cost of implementation Ability of engineers Security of architecture.
After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training? Insider threat Email phishing Social engineering Executive whaling.
A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.) If a security incident occurs on the device, the correct employee can be notified. The security team will be able to send user awareness training to the appropriate device. Users can be mapped to their devices when configuring software MFA tokens. User-based firewall policies can be correctly targeted to the appropriate laptops. When conducting penetration testing, the security team will be able to target the desired laptops. Company data can be accounted for when the employee leaves the organization.
During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two). Federation Identity proofing Password complexity Default password changes Password manager Open authentication.
An engineer moved to another team and is unable to access the new team's shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access? Role-based Discretionary Time of day Least privilege.
A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring? Encryption at rest Masking Data classification Permission restrictions.
Which of the following provides the details about the terms of a test with a third-party penetration tester? Rules of engagement Supply chain analysis Right to audit clause Due diligence.
A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal? SPF GPO NAC FIM.
An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation? Educate users about the importance of paper shredder devices. Deploy an authentication factor that requires in-person action before printing. Install a software client on every computer authorized to use the MFPs. Update the management software to utilize encryption.
An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment. Which of the following solutions would mitigate the risk? XDR SPF DLP DMARC.
A systems administrator is auditing all company servers to ensure they meet the minimum security baseline. While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue? chmod grep dd passwd.
A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts. Which of the following would best enable the reduction in manual work? SOAR SIEM MDM DLP.
A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client? MSA SLA BPA SOW.
A systems administrator is configuring a site-to-site VPN between two branch offices. Some of the settings have already been configured correctly. The systems administrator has been provided the following requirements as part of completing the configuration:
• Most secure algorithms should be selected
• All traffic should be encrypted over the VPN
• A secret password will be used to authenticate the two VPN concentrators
To configure the site-to-site VPN between the two branch offices according to the provided requirements, here are the detailed steps and settings that need to be applied to the VPN concentrators:
Requirements: Most secure algorithms should be selected. All traffic should be encrypted over the VPN. A secret password will be used to authenticate the two VPN concentrators.
VPN Concentrator 1 Configuration:
Phase 1: Peer IP address: 5.5.5.10 (The IP address of VPN Concentrator 2); Auth method: PSK (Pre-Shared Key); Negotiation mode: MAIN; Encryption algorithm: AES256; Hash algorithm: SHA256; DH key group: 14
Phase 2: Mode: Tunnel; Protocol: ESP (Encapsulating Security Payload); Encryption algorithm: AES256; Hash algorithm: SHA256; Local network/mask: 192.168.1.0/24; Remote network/mask: 192.168.2.0/24
VPN Concentrator 2 Configuration:
Phase 1: Peer IP address: 5.5.5.5 (The IP address of VPN Concentrator 1); Auth method: PSK (Pre-Shared Key); Negotiation mode: MAIN; Encryption algorithm: AES256; Hash algorithm: SHA256; DH key group: 14
Phase 2: Mode: Tunnel; Protocol: ESP (Encapsulating Security Payload); Encryption algorithm: AES256; Hash algorithm: SHA256; Local network/mask: 192.168.2.0/24; Remote network/mask: 192.168.1.0/24
VPN Concentrator 1 (Branch Office 1) Configuration:
Phase 1: Peer IP address: 5.5.5.20 (IP of VPN Concentrator 2); Auth method: PSK (Pre-Shared Key); Negotiation mode: MAIN; Encryption algorithm: AES256; Hash algorithm: SHA256; DH key group: 14
Phase 2: Mode: Tunnel; Protocol: ESP (Encapsulating Security Payload); Encryption algorithm: AES256; Hash algorithm: SHA256; Local network/mask: 192.168.1.0/24; Remote network/mask: 192.168.2.0/24
VPN Concentrator 2 (Branch Office 2) Configuration:
Phase 1: Peer IP address: 5.5.5.10 (IP of VPN Concentrator 1); Auth method: PSK (Pre-Shared Key); Negotiation mode: MAIN; Encryption algorithm: AES256; Hash algorithm: SHA256; DH key group: 14
Phase 2: Mode: Tunnel; Protocol: ESP (Encapsulating Security Payload); Encryption algorithm: AES256; Hash algorithm: SHA256; Local network/mask: 192.168.2.0/24; Remote network/mask: 192.168.1.0/24.
In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following best describes the security engineer's response? Risk tolerance Risk acceptance Risk importance Risk appetite.
An accounting clerk sent money to an attacker's bank account after receiving fraudulent instructions to use a new account. Which of the following would most likely prevent this activity in the future? Standardizing security incident reporting Executing regular phishing campaigns Implementing insider threat detection measures Updating processes for sending wire transfers.
A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment? Contain the impacted hosts. Add the malware to the application blocklist. Segment the core database server. Implement firewall rules to block outbound beaconing.
While considering the organization's cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal? Community cloud PaaS Containerization Private cloud SaaS IaaS.
Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats? Air gap Barricade Port security Screen subnet.
Which of the following would be the best way to block unknown programs from executing? Access control list Application allow list Host-based firewall DLP solution.
A company wants to get alerts when others are researching and doing reconnaissance on the company. One approach would be to host a part of the infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach? Watering hole Bug bounty DNS sinkhole Honeypot.
Which of the following would be used to detect an employee who is emailing a customer list to a personal account before leaving the company? DLP FIM IDS EDR.
A network manager wants to protect the company's VPN by implementing multifactor authentication that uses: • Something you know • Something you have • Something you are. Which of the following would accomplish the manager's goal? Domain name, PKI, GeoIP lookup VPN IP address, company ID, facial structure Password, authentication token, thumbprint Company URL, TLS certificate, home address.
A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first? Air gap the system. Move the system to a different network segment. Create a change control request. Apply the patch to the system.
After conducting a vulnerability scan, a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned. Which of the following describes this example? False positive False negative True positive True negative.
A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks. Which of the following analysis elements did the company most likely use in making this decision? MTTR RTO ARO MTBF.
Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address? VM escape SQL injection Buffer overflow Race condition.
Which of the following is the best way to secure an on-site data center against intrusion from an insider? Bollards Access badge Motion sensor Video surveillance.
Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities? Encrypted Intellectual property Critical Data in transit.
A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks. SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior? Digital forensics E-discovery Incident response Threat hunting.
An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal? Segmentation Isolation Patching Encryption.
Which of the following should a security operations center use to improve its incident response procedure? Playbooks Frameworks Baselines Benchmarks.
A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use? Deploying PowerShell scripts Pushing GPO update Enabling PAP Updating EDR profiles.
A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access? EAP DHCP IPSec NAT.
A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do? Place posters around the office to raise awareness of common phishing activities. Implement email security filters to prevent phishing emails from being delivered. Update the EDR policies to block automatic execution of downloaded programs. Create additional training for users to recognize the signs of phishing attempts.
Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software? Configure all systems to log scheduled tasks. Collect and monitor all traffic exiting the network. Block traffic based on known malicious signatures. Install endpoint management software on all systems.
A systems administrator receives the following alert from a file integrity monitoring tool: The hash of the cmd.exe file has changed. The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred? The end user changed the file permissions. A cryptographic collision was detected. A snapshot of the file system was taken. A rootkit was deployed.
Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration? Unidentified removable devices Default network device credentials Spear phishing emails Impersonation of business units through typosquatting.
An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator take? (Select two). Disable default accounts. Add the server to the asset inventory. Remove unnecessary services. Document default passwords. Send server logs to the SIEM. Join the server to the corporate domain.
A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security? Installing HIDS on the system Placing the system in an isolated VLAN Decommissioning the system Encrypting the system's hard drive.
While investigating a recent security breach, an analyst finds that an attacker gained access by SQL injection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring? Secure cookies Input sanitization Code signing Blocklist.
The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address: Which of the following most likely describes the attack that took place? Spraying Brute-force Dictionary Rainbow table.
Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network? IDS ACL EDR NAC.
Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated: “I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address.” Which of the following are the best responses to this situation? (Choose two). Cancel current employee recognition gift cards. Add a smishing exercise to the annual company training. Issue a general email warning to the company. Have the CEO change phone numbers. Conduct a forensic investigation on the CEO's phone. Implement mobile device management.
Which of the following security concepts is accomplished with the installation of a RADIUS server? CIA AAA ACL PEM.
Which of the following is best used to detect fraud by assigning employees to different roles? Least privilege Mandatory vacation Separation of duties Job rotation.
Which of the following can be used to identify potential attacker activities without affecting production servers? Honey pot Video surveillance Zero Trust Geofencing.
Which of the following best describes a penetration test that resembles an actual external attack? Known environment Partially known environment Bug bounty Unknown environment.
Which of the following topics would most likely be included within an organization's SDLC? Service-level agreements Information security policy Penetration testing methodology Branch protection requirements.
Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack? Digital signatures Salting Hashing Perfect forward secrecy.
Which of the following is required for an organization to properly manage its restore process in the event of system failure? IRP DRP RPO SDLC.
A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up? Open-source intelligence Bug bounty Red team Penetration testing.
A security administrator recently reset local passwords and the following values were recorded in the system: Which of the following is the security administrator most likely protecting against? Account sharing Weak password complexity Pass-the-hash attacks Password compromise.
An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example? Recovery point objective Mean time between failures Recovery time objective Mean time to repair.
After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable? Console access Routing protocols VLANs Web-based administration.
A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices? Visualization and isolation of resources Network segmentation Data encryption Strong authentication policies.
A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next? IPS Firewall ACL Windows security.